Class Activity: User Education on SNS Phishing. Contextual Training: Users are sent simulated phishing emails by the experimenter to test the user’s vulnerability.

Presentation transcript:

Class Activity: User Education on SNS Phishing

Contextual Training: Users are sent simulated phishing emails by the experimenter to test the user’s vulnerability regarding phishing attacks. At the end of the study, the user is notified about phishing attacks. No immediate feedback.

Embedded Training: Teaches the user about phishing during regular usage of the application, such as

Reflection Principle: Reflection is the process by which learners are made to stop and think about what they’re learning.

Story-based Agent Environment Principle: Agents are characters that help users in the learning process.

Conceptual-Procedural Principle: Conceptual and procedural knowledge influence one another.

Demo of Anti-Phishing Phil

Another Form of Phishing Attack: Full Screen API Demo

Ad-Click Demo

User Should Reject Security Advice? A user rejecting security advice is rational from an economic perspective. 100% of certificate error warnings appear to be false positives. Most security advice provides a poor cost-benefit tradeoff to users and is rejected. How can we blame users for not adhering to certificate warnings when the vast majority of them are false positives?

Users are the Weakest Link in Security: Why attack machines when users are so easy to target? Most large websites offer security tips to users. Not so effective, however. Users are lazy.

Why Do Users Disregard Security Warnings? Overwhelmed. Benefits are moot or perceived as moot. A strong password does nothing in the presence of a keylogger. How often does a user perceive a real attack?

Password Policies

Teaching Users to Identify Phishing Sites By Reading URL: Phishers quickly evolve.

Certificate Errors Type Type Type paypal control + enter Search Google for PayPal and click link Click bookmarked Click bookmarked Problems?

Discussion